Setting the jail identifier from /etc/rc.conf

Hi,

I haven't played with Jails for a long time, but I wanted to figure out
how hard it is to make init spawn getties for certain jails. It
shouldn't be too hard (jexec foo /usr/libexec/getty), but I can't seem
to find a way to set the jid to a certain value from within rc.conf.

It also seems jids cannot contain dots, which means I cannot set the jid
equal to the hostname of the jail.

Maybe a Jail hacker can give me some advice here? Wouldn't it be more
sane if the kernel just used the hostname as an identifier if there is
no jail with the same hostname yet? Or maybe we should at least provide
a config tunable for this?

--
 Ed Schouten <ed@...>
 WWW: http://80386.nl/

On Thu, 22 Oct 2009, Ed Schouten wrote:

Redirect to freebsd-jail@  ; you may even find the answers to those
int he mail archive (unless those had been private threads I was on
Cc: on;-)


--
Bjoern A. Zeeb         It will not break if you know what you are doing.
_______________________________________________
freebsd-arch@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@..."

Ed Schouten <ed@...> writes:
> I haven't played with Jails for a long time, but I wanted to figure out
> how hard it is to make init spawn getties for certain jails. It
> shouldn't be too hard (jexec foo /usr/libexec/getty), but I can't seem
> to find a way to set the jid to a certain value from within rc.conf.

The jid is a number assigned by the kernel which increases monotonically
for every jail created.  If you stop and restart a jail, it will get a
new jid.  If you're thinking of the jail name as specified in rc.conf,
that's internal to the rc script - it is not passed to the kernel.  The
kernel's idea of the jail name defaults to the string representation of
the jid (i.e. a jail with jid 4 is named "4" unless otherwise specified
on the command line).  There is no rc.conf variable for it, but you can
add "-n foo" to jail_foo_flags.

(it seems /etc/rc.d/jail hasn't quite caught up with the new jail(8)
command line syntax)

Currently, your best bet is probably to read the jid from
/var/run/jail_${foo}.id, which is created by the rc script when it
starts the jail.

> It also seems jids cannot contain dots, which means I cannot set the jid
> equal to the hostname of the jail.

The jail name can not contain dots because jails can nest, and dots are
used to separate components in the fully qualified name of a jail.  If
you start a jail named "foo", and within "foo" start a jail named "bar",
then the fully qualified name of the inner jail is "foo.bar".

DES
--
Dag-Erling Smørgrav - des@...
_______________________________________________
freebsd-arch@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@..."

Hi Dag-Erling,

* Dag-Erling Smørgrav <des@...> wrote:
> on the command line).  There is no rc.conf variable for it, but you can
> add "-n foo" to jail_foo_flags.

Well, good enough I guess.

I solved the entire getty thing by doing the following. I'm running a
jail called small.80386.nl, which is a temporary install I had, to see
what happens if you enable a lot of WITHOUT_* flags.

/etc/devfs.rules:
| [small_80386_nl=5]
| add include $devfsrules_hide_all
| add include $devfsrules_unhide_basic
| add include $devfsrules_unhide_login
| add path ttyv8 unhide

/etc/rc.conf:
| jail_small_flags="-l -U root -n small_80386_nl"
| jail_small_devfs_ruleset="small_80386_nl"

/etc/ttys:
| ttyv8 "/usr/sbin/jexec small_80386_nl /usr/libexec/getty Pc" cons25 on secure

--
 Ed Schouten <ed@...>
 WWW: http://80386.nl/